Development issues regarding the cerowrt test router project
* [Cerowrt-devel] open recursive DNS server
@ 2014-11-25 18:25 Michael Richardson
  2014-11-25 18:36 ` Dave Taht
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Richardson @ 2014-11-25 18:25 UTC
  To: cerowrt-devel


I noticed that I'm being used as an open recursive relay.
I see:

except-interface=ge00

in the generated /var/etc/dnsmasq.conf, but that's wrong.  It should except
pppoe-storm from service!

Can I fix this somewhere in /etc/config?  Can I just put in a CIDR?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
	


* Re: [Cerowrt-devel] open recursive DNS server
  2014-11-25 18:25 [Cerowrt-devel] open recursive DNS server Michael Richardson
@ 2014-11-25 18:36 ` Dave Taht
  2014-11-26  2:54   ` Michael Richardson
  0 siblings, 1 reply; 4+ messages in thread
From: Dave Taht @ 2014-11-25 18:36 UTC
  To: Michael Richardson; +Cc: cerowrt-devel

hmm. you should still have been firewalled off. Is it really
responding to dns queries from the outside world?

Add to /etc/config/dhcp

 list notinterface 'yourotherinterface'

there are other ways.

On Tue, Nov 25, 2014 at 10:25 AM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> I noticed that I'm being used as an open recursive relay.
> I see:
>
> except-interface=ge00
>
> in the generated /var/etc/dnsmasq.conf, but that's wrong.  It should except
> pppoe-storm from service!
>
> Can I fix this somewhere in /etc/config?  Can I just put in a CIDR?



-- 
Dave Täht

thttp://www.bufferbloat.net/projects/bloat/wiki/Upcoming_Talks


* Re: [Cerowrt-devel] open recursive DNS server
  2014-11-25 18:36 ` Dave Taht
@ 2014-11-26  2:54   ` Michael Richardson
  2014-11-26  5:12     ` Dave Taht
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Richardson @ 2014-11-26  2:54 UTC
  To: Dave Taht; +Cc: cerowrt-devel


Dave Taht <dave.taht@gmail.com> wrote:
    > hmm. you should still have been firewalled off. Is it really responding
    > to dns queries from the outside world?

yes.... mind you I have routeable IP(v4) addresses which are used to NAT
internal hosts to, and both those and the ppp interface respond...

    > Add to /etc/config/dhcp

    >  list notinterface 'yourotherinterface'

    > there are other ways.

Can I list more than one interface to ignore?  I'd rather list both the
underlying "ge00" interface (which was already there), and the pppoe-XXXX
interface.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
	




* Re: [Cerowrt-devel] open recursive DNS server
  2014-11-26  2:54   ` Michael Richardson
@ 2014-11-26  5:12     ` Dave Taht
  0 siblings, 0 replies; 4+ messages in thread
From: Dave Taht @ 2014-11-26  5:12 UTC
  To: Michael Richardson; +Cc: cerowrt-devel

On Tue, Nov 25, 2014 at 6:54 PM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> Dave Taht <dave.taht@gmail.com> wrote:
>     > hmm. you should still have been firewalled off. Is it really responding
>     > to dns queries from the outside world?
>
> yes.... mind you I have routeable IP(v4) addresses which are used to NAT
> internal hosts to, and both those and the ppp interface respond...
>
>     > Add to /etc/config/dhcp
>
>     >  list notinterface 'yourotherinterface'
>
>     > there are other ways.
>
> Can I list more than one interface to ignore?  I'd rather list both the
> underlying "ge00" interface (which was already there), and the pppoe-XXXX
> interface.

it is a list. add as many list lines as you like.




-- 
Dave Täht

thttp://www.bufferbloat.net/projects/bloat/wiki/Upcoming_Talks
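
The check this thread arrives at, as an added example that is not part of any poster's message: compare the except-interface lines in the generated dnsmasq.conf against the WAN-facing devices and print the `list notinterface` lines still needed. The function names and the sample file are constructed for illustration; the interface names ge00 and pppoe-storm come from the thread, and the script assumes each notinterface entry in /etc/config/dhcp becomes one except-interface line, as the thread indicates.

```shell
#!/bin/sh
# Added example (not from the thread): audit a generated dnsmasq.conf for
# WAN-facing interfaces that lack an except-interface line.

# excluded_ifaces CONF: print each interface named by an except-interface= line.
excluded_ifaces() {
    sed -n 's/^[[:space:]]*except-interface=\([^[:space:]#]*\).*/\1/p' "$1"
}

# unexcluded_ifaces CONF IFACE...: print the listed interfaces that dnsmasq
# would still serve, i.e. those with no matching except-interface line.
unexcluded_ifaces() {
    conf=$1; shift
    excl=$(excluded_ifaces "$conf")
    for ifc in "$@"; do
        printf '%s\n' "$excl" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# notinterface_lines IFACE...: the /etc/config/dhcp list lines to add.
notinterface_lines() {
    for ifc in "$@"; do printf "\tlist notinterface '%s'\n" "$ifc"; done
}

# Constructed sample of the generated file as described in the thread.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# auto-generated config file (constructed sample)
domain-needed
except-interface=ge00
EOF

# WAN-facing devices on the reporter's router, per the thread.
WAN_IFACES="ge00 pppoe-storm"

missing=$(unexcluded_ifaces "$SAMPLE" $WAN_IFACES)
if [ -n "$missing" ]; then
    echo "dnsmasq still listens on: $missing"
    echo "add to the dnsmasq section of /etc/config/dhcp:"
    notinterface_lines $missing
fi
rm -f "$SAMPLE"
```

On a router, point the functions at /var/etc/dnsmasq.conf instead of the sample file, and rerun after restarting dnsmasq to confirm the new except-interface lines were generated.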

